Mobile app version of vmapp.org
Login or Join
Smith883

: Server flooded with Wordpress login requests. Need advice Recently I was looking at the nginx access logs and found on 2 ocassions a large ammount of requests pointed towards my WP login page.

@Smith883

Posted in: #Nginx #Security #Wordpress

Recently I was looking at the nginx access logs and found on 2 ocassions a large ammount of requests pointed towards my WP login page. There were over 50.000 requests coming from 2 different IP adresses.

I don't think that these are coming from automated bots, but rather a person that knows what is he doing. My website published an article about government surveillance, and after it was published, the next day I was flooded with requests like these. Previously I haven't noticed any strange activity showing up.

Is there any way on the server side to throttle / block this kind of requests? I'm using LEMP stack on a VPS from Digital Ocean. I see a lot of people are mentioning fail2ban as an option, but is there a more simple solution? If not, how do I properly configure fail2ban to identify and block requests that exceeds "n" requests / sec?

Can you advice me something else to properly secure my website? I'm planning to implement https to the login page, I'm already using SSH keys, and using pretty hard to bruteforce passwords.

Here's a small capture of the requests that were coming yesterday. I've already reported the IP address for abuse at the provider, but I don't think it will make a difference.

195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"
195.159.29.178 - - [26/Aug/2014:18:32:08 -0400] "POST /wp-login.php HTTP/1.0" 302 0 "-" "-"

10.01% popularity Vote Up Vote Down

Login to follow query

More posts by @Smith883

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

 

@Gloria169

I've been using the Wordfence Security plugin for Wordpress, as it:


Allows you to ban certain IP addresses via Wordpress.
Can be configured to block IP addresses after too many failed Wordpress logins.


It will also email you whenever somebody has been locked out (or if somebody has logged in). Typically speaking, I get at least 10+ emails a day as bots are always trying to brute force their way into Wordpress.

I use fail2ban to block IPs that are attempting to brute force the SSH login on my server.

If you want to block the IP completely, you can follow this guide on how to block IP addresses via Nginx.

10% popularity Vote Up Vote Down

Back to top | Use Dark Theme